EXPANDR-5778: Organizational scope searching for EC2 #31849


johnnywilkes
Contributor

Contributing to Cortex XSOAR Content

Make sure to register your contribution by filling the contribution registration form

The Pull Request will be reviewed only after the contribution registration form is filled.

Status

  • In Progress
  • Ready
  • In Hold - (Reason for hold)

Related Issues

https://jira-dc.paloaltonetworks.com/browse/EXPANDR-5778

Description

The recommended way to search for an EC2 instance by public IP is called IPAM Public IP Insights (https://aws.amazon.com/about-aws/whats-new/2023/07/aws-public-ip-insights-vpc-ip-address-manager/) and it just got an API to access data (commands added in #31165). This PR increases the abilities of the AWS - Enrichment playbook to use the AWS IPAM Public IP Insights API to search for an IP address of an EC2 instance in the organization scope and to pull additional information on it.

Must have

  • Tests
  • Documentation

@content-bot content-bot added Community Contribution Form Filled Whether contribution form filled or not. Contribution Thank you! Contributions are always welcome! External PR Xsoar Support Level Indicates that the contribution is for XSOAR supported pack labels Dec 28, 2023
@content-bot content-bot changed the base branch from master to contrib/PaloAltoNetworks_AWS-E+R-EXPANDR-5778-2 December 28, 2023 16:32
@content-bot
Collaborator

Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @YuvHayun will know the proposed changes are ready to be reviewed.
For your convenience, here is a link to the contributions SLAs document.

@content-bot
Collaborator

Hi @johnnywilkes, thanks for contributing to a Cortex XSOAR supported pack. To receive credit for your generous contribution please follow this link.

@johnnywilkes
Contributor Author

@melamedbn / @adi88d , this was opened to replace #31493

@johnnywilkes
Contributor Author

Not sure about the unit tests and how/if I need to resolve

@YuvHayun YuvHayun requested review from adi88d and removed request for YuvHayun December 31, 2023 09:42
@YuvHayun YuvHayun assigned adi88d and unassigned YuvHayun Dec 31, 2023
@melamedbn
Contributor

Hi @johnnywilkes,

Everything looks great. Can you just add the IPAM outputs?

Best regards,
Ben

@johnnywilkes
Contributor Author

> Hi @johnnywilkes,
>
> Everything looks great. Can you just add the IPAM outputs?
>
> Best regards, Ben

@melamedbn, I believe you are referring to outputting some of the IPAM information from the playbook, right?

I can do this but would prefer not to as IPAM is really only the mechanism to determine the account/region/instanceID of the EC2 so we can pull additional information on the instance and security group. Therefore, we really care more about the instance/SG information and those should be the intended outputs.
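
Added example, not code from this PR or from the AWS-Enrichment-Remediation pack: a Python sketch of the lookup step described in the PR description and in the comment above, turning IPAM discovered-public-address records into the account, region, instance ID and security groups for one public IP. The function name and sample records are constructed for illustration; the field names assume the shape of the EC2 `GetIpamDiscoveredPublicAddresses` response.

```python
# Added illustration; not code from the PR or the AWS-Enrichment-Remediation pack.
from typing import Optional

# Constructed sample shaped like an EC2 GetIpamDiscoveredPublicAddresses response
# (field names are an assumption based on that API; all values are made up).
SAMPLE_RESPONSE = {
    "IpamDiscoveredPublicAddresses": [
        {"Address": "198.51.100.10", "AddressOwnerId": "111111111111",
         "AddressRegion": "us-east-1", "AssociationStatus": "associated",
         "InstanceId": "i-0aaaaaaaaaaaaaaaa",
         "NetworkInterfaceId": "eni-0aaaaaaaaaaaaaaaa",
         "SecurityGroups": [{"GroupName": "web", "GroupId": "sg-0aaaaaaaaaaaaaaaa"}]},
        # Public IP that belongs to a NAT gateway: the record has no InstanceId.
        {"Address": "198.51.100.20", "AddressOwnerId": "222222222222",
         "AddressRegion": "us-east-1", "AssociationStatus": "associated",
         "Service": "nat-gateway", "NetworkInterfaceId": "eni-0bbbbbbbbbbbbbbbb"},
        # Elastic IP that is allocated but not attached to anything.
        {"Address": "198.51.100.30", "AddressOwnerId": "111111111111",
         "AddressRegion": "us-east-1", "AssociationStatus": "disassociated"},
    ]
}


def resolve_ec2_by_public_ip(response: dict, public_ip: str) -> Optional[dict]:
    """Return account/region/instance/security groups for public_ip, or None
    when the IP is unknown, unattached, or not attached to an EC2 instance."""
    for rec in response.get("IpamDiscoveredPublicAddresses", []):
        if rec.get("Address") != public_ip:
            continue
        if rec.get("AssociationStatus") != "associated":
            return None  # allocated address with nothing behind it
        instance_id = rec.get("InstanceId")
        if not instance_id:
            return None  # some other resource type (e.g. NAT gateway), not EC2
        return {
            "AccountId": rec.get("AddressOwnerId"),
            "Region": rec.get("AddressRegion"),
            "InstanceId": instance_id,
            "SecurityGroupIds": [g["GroupId"] for g in rec.get("SecurityGroups", [])],
        }
    return None  # IP not present in the organization's discovered addresses


if __name__ == "__main__":
    for ip in ("198.51.100.10", "198.51.100.20", "198.51.100.30", "203.0.113.5"):
        print(ip, "->", resolve_ec2_by_public_ip(SAMPLE_RESPONSE, ip))
```
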

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
Contributor

@adi88d adi88d left a comment

Great!

@adi88d adi88d merged commit 6c3ff97 into demisto:contrib/PaloAltoNetworks_AWS-E+R-EXPANDR-5778-2 Jan 4, 2024
15 of 21 checks passed
adi88d added a commit that referenced this pull request Jan 10, 2024
* EXPANDR-5778: Organizational scope searching for EC2 (#31849)

* redo it all

* packs ignore

* Apply suggestions from code review

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* bump ver

* bump ver2

---------

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Bump pack from version AWS-Enrichment-Remediation to 1.1.12.

* echo curl

* revert

* debug

* print curl

* print curl

* revert

---------

Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com>
Co-authored-by: Content Bot <bot@demisto.com>
Co-authored-by: RotemAmit <ramit@paloaltonetworks.com>
Co-authored-by: MosheEichler <meichler@paloaltonetworks.com>
dantavori pushed a commit that referenced this pull request Jan 14, 2024
Labels
Community Contribution Form Filled Whether contribution form filled or not. Contribution Thank you! Contributions are always welcome! docs-approved External PR Security Review Xsoar Support Level Indicates that the contribution is for XSOAR supported pack